CVE-2025-43298
HIGHDescription
A parsing issue in the handling of directory paths was addressed with improved path validation. This issue is fixed in macOS Sequoia 15.7, macOS Sonoma 14.8, macOS Tahoe 26. An app may be able to gain root privileges.
CVSS v3.1 Score
Weakness Type (CWE)
Affected Products
| Vendor | Product |
|---|---|
| apple | macos |
| apple | macos |
References
Frequently Asked Questions
What is CVE-2025-43298? +
How severe is CVE-2025-43298? +
What products are affected by CVE-2025-43298? +
How do I check if I'm vulnerable to CVE-2025-43298? +
Related Vulnerabilities
A vulnerability in the Palo Alto Networks PAN-OS software enables an authenticated admin on the PAN-OS CLI to read arbitrary …
An Improper Resolution of Path Equivalence vulnerability [CWE-41] in FortiPortal 7.4.0 through 7.4.2, 7.2.0 through 7.2.6, 7.0.0 through 7.0.11 may …
GitLab has remediated an issue in GitLab CE/EE affecting all versions from 18.10 before 18.10.4 and 18.11 before 18.11.1 that …
Windows Security Zone Mapping Security Feature Bypass Vulnerability
In lunary-ai/lunary, the privilege check mechanism is flawed in version git afc5df4. The system incorrectly identifies certain endpoints as public …
IBM DS8900F HMC 89.21.19.0, 89.21.31.0, 89.30.68.0, 89.32.40.0, and 89.33.48.0 could allow an authenticated user to arbitrarily delete a file. IBM …